You use the System > Configuration > SAML pages to maintain a table of SAML metadata files for the SAML service providers and identity providers in your network. Using SAML metadata files makes configuration easier and less prone to error.

You can add metadata files to the system either by uploading a file from your local host or by specifying the URL of a file on a remote server; both methods are described in Table 37.

To add metadata files:

  1. Select System > Configuration > SAML.
  2. Click New Metadata Provider to display the configuration page.
  3. Complete the settings described in Table 37.
  4. Save the configuration.

Table 37: SAML Metadata Provider Configuration Guidelines

Metadata Provider Location Configuration

  Select one of the following methods:

  • Local. Browse to the metadata file on your local host or file system and upload it.
  • Remote. Enter the URL of the metadata file. Only the http and https protocols are supported. Prefer https: a file fetched over http can be altered in transit, so with an http URL the only integrity protection is the metadata signature itself.

Metadata Provider Verification Configuration

  Accept Untrusted Server Certificate

    If you specify an HTTPS URL for the metadata provider, select this option to let the system download the metadata file even when the server certificate is not trusted. The option has no effect on HTTP URLs. With it selected, the TLS connection no longer authenticates the server, so the integrity of the downloaded file rests entirely on the metadata signature; do not combine it with Accept Unsigned Metadata.

  Accept Unsigned Metadata

    If this option is not selected, unsigned metadata is rejected and signed metadata is imported only after its signature has been verified. Select it only for metadata obtained over a channel you already trust (for example, a file handed over by the peer's administrator), because unsigned metadata can be modified by anyone who can alter it in transit or at rest.

  Signing Certificate

    Browse to and upload the certificate used to verify the signature on the metadata file. This certificate overrides the certificate carried in the signature of the received metadata; if no certificate is uploaded here, the certificate embedded in the signature is used instead. Verifying against the embedded certificate proves only that the file is internally consistent: anyone who alters the metadata, re-signs it with their own key and embeds the matching certificate passes that check. Upload the provider's certificate here whenever you can obtain it out of band.

    Select the Enable Certificate Status Checking option to validate the certificate, including its revocation status, before it is used. The check applies both to the certificate uploaded here and to the certificate carried in the signature of the metadata file.

Metadata Provider Filter Configuration

  Select whether the metadata file includes configuration details for a SAML service provider, identity provider, or Policy Decision Point. You may select more than one. A selected role that does not appear in the metadata file is ignored. If none of the selected roles are present in the metadata file, the system returns an error.

  Entity IDs To Import

    Enter the SAML entity IDs to import from the metadata file, one ID per line, copied exactly as they appear in the provider's metadata. Leave this field blank to import all entity IDs in the file. This option is available only when uploading local metadata files.
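The following script is an added example, not part of the product or this guide. It models the verification and filter rules from Table 37 so that you can check a metadata file before uploading it: it reports whether the file is signed, which certificate the signature carries (the one the system would fall back to when no Signing Certificate is uploaded), and which entities and roles would survive the role and entity-ID filters, raising an error in the cases where the import would be refused. The role names `sp`, `idp` and `pdp`, the function names and the sample metadata are all assumptions made for the example; the signature in the sample is a placeholder and the script only detects a signature, it does not cryptographically verify it (that needs an XML-DSig library such as xmlsec or signxml).

```python
"""Pre-import checker mirroring the Table 37 verification and filter settings.
Added example; not the product's own code.  Only the standard library is used.
"""
import re
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
DS_NS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"md": MD_NS, "ds": DS_NS}

# Assumed role labels -> SAML 2.0 metadata role element names.
ROLE_ELEMENTS = {
    "sp": "SPSSODescriptor",
    "idp": "IDPSSODescriptor",
    "pdp": "PDPDescriptor",
}

# Constructed sample: a signed aggregate holding one IdP and one SP.
# The ds:Signature content is a placeholder, not a real XML-DSig value.
SIGNED_METADATA = """<?xml version="1.0"?>
<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                       xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <ds:Signature>
    <ds:SignedInfo/>
    <ds:SignatureValue>placeholder</ds:SignatureValue>
    <ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>
        MIIBplaceholder
      </ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo>
  </ds:Signature>
  <md:EntityDescriptor entityID="https://idp.example.com/saml">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://sp.example.com/saml">
    <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>
"""

# The same aggregate with the signature stripped, as a tampered or careless
# export might deliver it.
UNSIGNED_METADATA = re.sub(r"<ds:Signature>.*?</ds:Signature>\s*", "",
                           SIGNED_METADATA, flags=re.S)


def check_metadata(xml_text, roles, entity_ids=None, accept_unsigned=False):
    """Apply the verification and filter rules to metadata text.

    Returns {'signed': bool, 'embedded_cert': str|None,
             'entities': {entityID: [selected roles found]}}.
    Raises ValueError where the product would refuse the import.
    """
    unknown = set(roles) - set(ROLE_ELEMENTS)
    if unknown:
        raise ValueError(f"unknown role(s): {sorted(unknown)}")

    root = ET.fromstring(xml_text)

    # Accept Unsigned Metadata: an unsigned file is refused unless allowed.
    signature = root.find("ds:Signature", NS)
    if signature is None and not accept_unsigned:
        raise ValueError("metadata is unsigned and Accept Unsigned Metadata is off")

    # The certificate in ds:KeyInfo is what the system falls back to when no
    # Signing Certificate is uploaded.  In tampered metadata it is attacker
    # controlled, which is why an out-of-band certificate is preferable.
    embedded_cert = None
    if signature is not None:
        cert = signature.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
        if cert is not None and cert.text:
            embedded_cert = "".join(cert.text.split())

    # A file is either a single EntityDescriptor or an EntitiesDescriptor aggregate.
    if root.tag == f"{{{MD_NS}}}EntityDescriptor":
        descriptors = [root]
    else:
        descriptors = root.findall(".//md:EntityDescriptor", NS)

    selected = {}
    for ed in descriptors:
        entity_id = ed.get("entityID")
        # Entity IDs To Import: an empty list means import everything.
        if entity_ids and entity_id not in entity_ids:
            continue
        # A selected role absent from this entity is simply ignored.
        present = [r for r in roles
                   if ed.find(f"md:{ROLE_ELEMENTS[r]}", NS) is not None]
        if present:
            selected[entity_id] = present

    # None of the selected roles anywhere in the file: the import errors out.
    if not selected:
        raise ValueError("none of the selected roles are present in the metadata")

    return {"signed": signature is not None,
            "embedded_cert": embedded_cert,
            "entities": selected}


if __name__ == "__main__":
    print(check_metadata(SIGNED_METADATA, ["sp", "idp"]))
    print(check_metadata(UNSIGNED_METADATA, ["idp"], accept_unsigned=True))
```

Run it against the real metadata file before uploading; if `embedded_cert` is the only certificate you have, obtain the provider's signing certificate out of band and upload it as the Signing Certificate rather than relying on the embedded one.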

The Refresh button downloads the metadata files again from their remote locations even if the files have not been modified. It applies only to remote metadata providers; local metadata providers are ignored if selected.

To refresh a metadata file:

  1. Select System > Configuration > SAML.
  2. Select the metadata file to refresh and click Refresh.

To delete a metadata file:

  1. Select System > Configuration > SAML.
  2. Select the metadata file to delete and click Delete.

